5dbf59c818e3cabfe16892392eef53e2_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

5dbf59c818e3cabfe16892392eef53e2_JaffaCakes118
Size

3.8MB
MD5

5dbf59c818e3cabfe16892392eef53e2
SHA1

9967ddb324e17e221f717baa54f72f8693620d31
SHA256

d0e9190f8db378467d1b93646164cbd388d986723b13fc77f03cd9146c12a9ae
SHA512

bfe1655fe65541031a01e853e8cce9b565227ed7b7328d9dbf713159d78ef7f48ef60aeb7d20aa18938ba609bdb67711975ddb58ca92ee7aab2f12c01b6df54f
SSDEEP

98304:kIoY9i4pdMw2mom5MP5ImzG2eC9r9/xEWpodf1:kIoYIudMy5lmzG29r9/a+E

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5dbf59c818e3cabfe16892392eef53e2_JaffaCakes118

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_2

Files

5dbf59c818e3cabfe16892392eef53e2_JaffaCakes118
.exe windows:4 windows x86 arch:x86

e70e6f4e978f741a0c47718e5c8ad142

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\文件更新\源码\SOS GV-Leaf\release\Setup.pdb

Imports

kernel32

GetCurrentProcess
OutputDebugStringW
GetModuleHandleW
WideCharToMultiByte
LoadLibraryW
MultiByteToWideChar
GetLastError
GetProcAddress
LocalFileTimeToFileTime
CreateThread
ExitProcess
CreateFileA
GetSystemDirectoryA
MoveFileW
GetModuleFileNameA
FlushFileBuffers
DeleteFileW
CloseHandle
LockResource
GetLocalTime
GetTempPathW
CreateFileW
SizeofResource
GetSystemDirectoryW
GlobalAlloc
WriteFile
SetFileTime
SystemTimeToFileTime
LoadResource
GetModuleHandleA
FindResourceW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
SetFilePointer
HeapValidate
IsBadReadPtr
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
GetModuleFileNameW
HeapReAlloc
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
GetCPInfo
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
TlsFree
SetLastError
RtlUnwind
GetConsoleCP
GetConsoleMode
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
InitializeCriticalSection
DebugBreak
OutputDebugStringA
WriteConsoleW
LoadLibraryA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

user32

LoadIconW
SendMessageW
FindWindowW
wsprintfW
FindWindowExW

advapi32

RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyW

shell32

ShellExecuteW

wininet

InternetCloseHandle
InternetOpenUrlW
InternetOpenW

shlwapi

SHSetValueW

Sections

.text
Size: 148KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e70e6f4e978f741a0c47718e5c8ad142

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

wininet

shlwapi

Sections

.text Size: 148KB - Virtual size: 146KB

.data Size: 8KB - Virtual size: 15KB

.rsrc Size: 3.6MB - Virtual size: 3.6MB

.text
Size: 148KB - Virtual size: 146KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 3.6MB - Virtual size: 3.6MB